CVE-2013-4372 | HackTesting

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.

References

http://rhn.redhat.com/errata/RHSA-2013-1862.html

http://www.securityfocus.com/bid/62659

http://fusesource.com/issues/browse/FMC-495

http://rhn.redhat.com/errata/RHSA-2013-1286.html

http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git%3Ba=commitdiff%3Bh=f5436ea1c5547c851bb6f92561272fe42c146e68

https://bugzilla.redhat.com/show_bug.cgi?id=1011736

https://github.com/jboss-fuse/fuse/commit/e280cb370323eeb759030919d5111ed809e8ded5